package WEB.servlet;

import db.exceptions.IntakeDaoException;
import db.exceptions.PatientDaoException;
import db.exceptions.PersonDaoException;
import personal.Doctor;
import personal.Patient;
import personal.Person;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

public class SecurityFilter implements Filter {
    private ServletContext servletContext;

    public void init(FilterConfig filterConfig) throws ServletException {
        servletContext = filterConfig.getServletContext();
    }

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        final HttpServletRequest req = (HttpServletRequest) request;
        final HttpServletResponse resp = (HttpServletResponse) response;
        String uri = req.getRequestURI();
        if("/docRegister.jsp".equals(uri)||"/docRegister.do".equals(uri)){
            chain.doFilter(request, response);
            return;
        }

        Person sessionUser = (Person)req.getSession(true).getAttribute("sessionUser");
        if ( sessionUser!=null ) {
            //resp.sendRedirect("login.html");
            //  mime-type information collides with resource extension
            if(sessionUser instanceof Patient && (uri.contains("addIntake")||uri.contains("delIntake")))
            {
                req.getSession().setAttribute("errorMessage","You do not have permissions to access this page.");
                resp.sendRedirect("/error.jsp");
            }
            String id = request.getParameter("id");
            String idIntake = request.getParameter("idIntake");

            if(sessionUser instanceof Doctor )
            {
                if(id!=null&&uri.contains("addIntake"))
                {
                    try{
                        Integer intId = new Integer(id);
                        if(!((Doctor)sessionUser).hasPatient(intId))
                        {
                             req.getSession().setAttribute("errorMessage","You do not have permissions to access this page.");
                             resp.sendRedirect("/error.jsp");
                        }

                    }catch (NumberFormatException e)
                    {
                        req.getSession().setAttribute("errorMessage","Wrong parameter.");
                        resp.sendRedirect("/error.jsp");
                    } catch (PatientDaoException e) {
                        e.printStackTrace();  //To change body of catch statement use File | Settings | File Templates.
                        req.getSession().setAttribute("errorMessage","Patient db error.");
                        resp.sendRedirect("/error.jsp");
                    } catch (PersonDaoException e) {
                        e.printStackTrace();  //To change body of catch statement use File | Settings | File Templates.
                        req.getSession().setAttribute("errorMessage","Person db error.");
                        resp.sendRedirect("/error.jsp");
                    }
                }
                if(uri.contains("delIntake"))
                {
                    try{
                        Integer intId = new Integer(idIntake);
                        if(!((Doctor)sessionUser).hasIntake(intId))
                        {
                             req.getSession().setAttribute("errorMessage","You do not have permissions to access this page.");
                             resp.sendRedirect("/error.jsp");
                        }

                    }catch (NumberFormatException e)
                    {
                        req.getSession().setAttribute("errorMessage","Wrong parameter.");
                        resp.sendRedirect("/error.jsp");

                } catch (IntakeDaoException e) {
                        e.printStackTrace();  //To change body of catch statement use File | Settings | File Templates.
                        req.getSession().setAttribute("errorMessage","Intake dows not exist in db");
                        resp.sendRedirect("/error.jsp");
                    }
                }
            }
        }

        else
        {
            if(!("/login.do".equals(uri)))
            {
                servletContext.getRequestDispatcher("/Login.jsp").forward(req, resp);
                return;
            }
            //return;
        }

        chain.doFilter(request, response);
    }

    public void destroy() {
        //  nothing to do here
    }
}
